General
-
Target
021369dd438b340f58615f40985fa118_JaffaCakes118
-
Size
182KB
-
Sample
240427-bltnqsgf91
-
MD5
021369dd438b340f58615f40985fa118
-
SHA1
16361b5545b27f0940621b6c23e61bb2667ee999
-
SHA256
d2991fc4edb1a667fa2dcaf28987c4c24b844331d705f9fda99ed82680e886de
-
SHA512
89d01567575ba590e4e478604ace22ba1118bce6856db3e62b3c1e44ed7bdabf7e2a8c08d9c3452a54f8550c6bc03513c284c6562c5d92a16461480331abbbb3
-
SSDEEP
3072:ii2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBUggmGhhjA98:ii2k44tGiL3HJk9AGD7bggm6hjAy
Behavioral task
behavioral1
Sample
021369dd438b340f58615f40985fa118_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
021369dd438b340f58615f40985fa118_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
http://hanserefelektrik.com/wp-content/o0zEZ17669/
http://governessfilms.com/cgi-bin/gnbw2/
http://forming-a.com/mysql/0s53/
http://harbour-springs.webonlinepro.com/cgi-bin/pdviP01/
http://gomitra.com/aspnet_client/xkwsJj/
Targets
-
-
Target
021369dd438b340f58615f40985fa118_JaffaCakes118
-
Size
182KB
-
MD5
021369dd438b340f58615f40985fa118
-
SHA1
16361b5545b27f0940621b6c23e61bb2667ee999
-
SHA256
d2991fc4edb1a667fa2dcaf28987c4c24b844331d705f9fda99ed82680e886de
-
SHA512
89d01567575ba590e4e478604ace22ba1118bce6856db3e62b3c1e44ed7bdabf7e2a8c08d9c3452a54f8550c6bc03513c284c6562c5d92a16461480331abbbb3
-
SSDEEP
3072:ii2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBUggmGhhjA98:ii2k44tGiL3HJk9AGD7bggm6hjAy
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-